Security News
Researchers have disclosed a new severe Oracle Cloud Infrastructure vulnerability that could be exploited by users to access the virtual disks of other Oracle customers. "Each virtual disk in Oracle's cloud has a unique identifier called OCID," Shir Tamari, head of research at Wiz, said in a series of tweets.
The U.S. Cybersecurity and Infrastructure Security Agency on Tuesday released an industrial control systems advisory warning of seven security flaws in Dataprobe's iBoot-PDU power distribution unit product, mostly used in industrial environments and data centers. "Successful exploitation of these vulnerabilities could lead to unauthenticated remote code execution on the Dataprobe iBoot-PDU device," the agency said in a notice.
Several bills totaling $15.6 billion are making their way through the House for the 2023 fiscal year. While $11.2 billion will go to the Department of Defense, $2.9 billion will be allocated to the Cybersecurity and Infrastructure Security Agency.
Recent research found an increase in attacks across all the most targeted industries and organizations, including education, healthcare and finance. Attacks on critical infrastructure in particular have quadrupled.
Orca Security released the 2022 State of the Public Cloud Security Report, which provides important insights into the current state of public cloud security and where the most critical security gaps are found. The report, compiled by the Orca Research Pod, includes key findings from analyzing cloud workload and configuration data captured from billions of cloud assets on AWS, Azure and Google Cloud scanned by the Orca Cloud Security Platform from January 1st until July 1st 2022.
The State of Digital Trust 2022 research report from ISACA found that nearly all respondents believe digital trust is important and 63% said that digital trust is relevant to their jobs. Those that measure digital trust have two areas in common: their board of directors has prioritized digital trust and they use a digital trust framework, according to the report.
The CIS Critical Security Controls are a prioritized set of safeguards to mitigate the most prevalent cyber-attacks against systems and networks. They are mapped to and referenced by multiple legal, regulatory, and policy frameworks.
How secure are the third parties you've entrusted with your data? SOC 2 is a framework that ensures these service providers securely manage data to protect their customers and clients. For security-conscious businesses - and security should be a priority for every business today - SOC 2 is now a minimal requirement when considering a SaaS provider.
Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage devices. Tracked as CVE-2022-34747, the issue relates to a "Format string vulnerability" affecting NAS326, NAS540, and NAS542 models.
Critical infrastructure organizations are lagging far behind when it comes to adopting identity-based security and modernizing their systems, which often include both operational technology and information technology components. Despite the rising threats facing critical infrastructure systems, IBM's latest Cost of a Data Breach report found that while 41% of organizations overall have implemented some level of identity-based access solutions, only 21% of critical infrastructure organizations have done so.